Review and insight on the behavioral aspects of cybersecurity

Lahcen, Rachid Ait Maalem; Caulkins, Bruce D.; Mohapatra, R. N.; Kumar, M. Sathish

doi:10.1186/s42400-020-00050-w

Cited by 66 publications

(34 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Organisations have formal policies, processes and procedures to guide employees in keeping the system secure. Organisations expect their employees to be compliant with them; however, the literature has long demonstrated that formal procedures themselves do not rule human behaviour (Maalem et al 2020 ). Indeed, there are many ways in which humans can configure and use a system in unexpected and/or unprotected modes and take shortcuts in the name of improving efficiency or simply being helpful, even if it implies implementing a violation (Dekker 2003 ; Gael et al 2009 ; Schultz 2005 ; Stanton et al 2005 ).…”

Section: Challenges To Cybersecuritymentioning

confidence: 99%

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.

show abstract

Section: Challenges To Cybersecuritymentioning

confidence: 99%

Leveraging human factors in cybersecurity: an integrated methodological approach

et al. 2021

View full text Add to dashboard Cite

show abstract

“…One way to achieve these goals is generating scientific research, such as this viewpoint, to raise awareness, provide recommendations, and try new or improved solutions. However, the current times demand web-based, easy, fast, accurate, and objective but personalized and meaningful information and education that is adapted to the situation and context and to the target population [ 24 ]. Due to the unpredictable nature of human behavior and actions, humans are an important element and the main enablers of the level of cybersecurity that each system can and will have [ 24 ].…”

Section: Required Changes In Cybersecuritymentioning

confidence: 99%

COVID-19 and Cybersecurity: Finally, an Opportunity to Disrupt?

Ferreira¹,

Cruz‐Correia²

2021

JMIRx Med

View full text Add to dashboard Cite

COVID-19 has challenged cybersecurity to meet the ultimate need of guaranteeing the privacy and security of human beings. Although personal and sensitive health data are needed to better understand, detect, and control the disease, many related cybersecurity challenges and vulnerabilities require further analysis and proper discussion. The aims of this viewpoint are to explore the consequences of COVID-19 on cybersecurity and health care as well as to foster awareness regarding the need for a change in paradigm on how cybersecurity is approached. Education and information technology literacy are important when they are suitably provided; however, they are certainly not a complete solution. Disruption needs to occur at the core of human-device interactions. Building trust, providing novel means to interact with technology (eg, digital humans), and supporting people—the most important cybersecurity asset—are only some of the recommendations for a more human and resilient approach to cybersecurity, during or after the pandemic.

show abstract

“…A mechatronic background was the starting point for the present analysis, although we have focused on software-based features as basic functionalities for security analysis. We also delimit our work on cybersecurity's technological aspect based on the understanding that social and behavioral issues must be taken into account in a more general cybersecurity framework [75].…”

Section: Introductionmentioning

confidence: 99%

Proposal and Validation of a Standard Protection Profile for Homologation of Commercial Videoconferencing Equipment

2021

View full text Add to dashboard Cite

In the present work, we propose and validate a Common Criteria Standard Protection Profile (sPP) for videoconferencing equipment. The research presents the definition and analysis of the homologation system used to validate the standard protection profile, focusing on its application focused in a large Brazilian financial company. We address the main points to consider in the acquisition and current use of this product: reasonable information security assumptions, technical standards, recommendations, and international best cybersecurity practices. As a result, we have developed a Standard Protection Profile identifying the information security risks involved and the minimum parameters required in those systems acquired and used for Government environments. This paper also presents all tests performed to validate the proposed sPP. As the application is critical, involving sensitive data, our results can also foster less risky conditions in the myriad situations caused by the COVID pandemic.

show abstract

Review and insight on the behavioral aspects of cybersecurity

Cited by 66 publications

References 44 publications

Leveraging human factors in cybersecurity: an integrated methodological approach

Leveraging human factors in cybersecurity: an integrated methodological approach

COVID-19 and Cybersecurity: Finally, an Opportunity to Disrupt?

Proposal and Validation of a Standard Protection Profile for Homologation of Commercial Videoconferencing Equipment

Contact Info

Product

Resources

About